Microsoft is a national security threat, says ex-White House cyber policy director

With little competition at the goverment level, Windows giant has no incentive to make its systems safer

Interview Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue. 

Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

Youtube Video

"If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." 

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. 

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." 

Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern. 

But what can be done to solve the problem when 85 percent of US government productivity software, by Grotto's reckoning, and even more operating system share, belongs to Redmond? 

"The government needs to focus on encouraging and catalyzing competition," Grotto said. He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up. 

"At the end of the day, Microsoft, any company, is going to respond most directly to market incentives," Grotto told us. "Unless this scrutiny generates changed behavior among its customers who might want to look elsewhere, then the incentives for Microsoft to change are not going to be as strong as they should be." ®

More about

TIP US OFF

Send us news


Other stories you might like